[Secure-testing-commits] r2909 - data/CVE

Joey Hess joeyh at costa.debian.org
Thu Dec 1 09:14:24 UTC 2005


Author: joeyh
Date: 2005-12-01 09:14:19 +0000 (Thu, 01 Dec 2005)
New Revision: 2909

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-01 09:07:09 UTC (rev 2908)
+++ data/CVE/list	2005-12-01 09:14:19 UTC (rev 2909)
@@ -1,3 +1,191 @@
+CVE-2006-0034
+	RESERVED
+CVE-2006-0033
+	RESERVED
+CVE-2006-0032
+	RESERVED
+CVE-2006-0031
+	RESERVED
+CVE-2006-0030
+	RESERVED
+CVE-2006-0029
+	RESERVED
+CVE-2006-0028
+	RESERVED
+CVE-2006-0027
+	RESERVED
+CVE-2006-0026
+	RESERVED
+CVE-2006-0025
+	RESERVED
+CVE-2006-0024
+	RESERVED
+CVE-2006-0023
+	RESERVED
+CVE-2006-0022
+	RESERVED
+CVE-2006-0021
+	RESERVED
+CVE-2006-0020
+	RESERVED
+CVE-2006-0018
+	REJECTED
+	TODO: check
+CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar ...)
+	TODO: check
+CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
+	TODO: check
+CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...)
+	TODO: check
+CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...)
+	TODO: check
+CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...)
+	TODO: check
+CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...)
+	TODO: check
+CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...)
+	TODO: check
+CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...)
+	TODO: check
+CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...)
+	TODO: check
+CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...)
+	TODO: check
+CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...)
+	TODO: check
+CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...)
+	TODO: check
+CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...)
+	TODO: check
+CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...)
+	TODO: check
+CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...)
+	TODO: check
+CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
+	TODO: check
+CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
+	TODO: check
+CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
+	TODO: check
+CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
+	TODO: check
+CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...)
+	TODO: check
+CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
+	TODO: check
+CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...)
+	TODO: check
+CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...)
+	TODO: check
+CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...)
+	TODO: check
+CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...)
+	TODO: check
+CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...)
+	TODO: check
+CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...)
+	TODO: check
+CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...)
+	TODO: check
+CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...)
+	TODO: check
+CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...)
+	TODO: check
+CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
+	TODO: check
+CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.3.0 allows local users to execute ...)
+	TODO: check
+CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
+	TODO: check
+CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
+	TODO: check
+CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...)
+	TODO: check
+CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...)
+	TODO: check
+CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...)
+	TODO: check
+CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...)
+	TODO: check
+CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
+	TODO: check
+CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
+	TODO: check
+CVE-2005-3918 (** DISPUTED ** ...)
+	TODO: check
+CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
+	TODO: check
+CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
+	TODO: check
+CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
+	TODO: check
+CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
+	TODO: check
+CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
+	TODO: check
+CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
+	TODO: check
+CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
+	TODO: check
+CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
+	TODO: check
+CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
+	TODO: check
+CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+	TODO: check
+CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...)
+	TODO: check
+CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...)
+	TODO: check
+CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...)
+	TODO: check
+CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...)
+	TODO: check
+CVE-2005-3903
+	RESERVED
+CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
+	TODO: check
+CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
+	TODO: check
+CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
+	TODO: check
+CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
+	TODO: check
+CVE-2005-3898
+	REJECTED
+	TODO: check
+CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
+	TODO: check
+CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
+	TODO: check
+CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...)
+	TODO: check
+CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...)
+	TODO: check
+CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...)
+	TODO: check
+CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...)
+	TODO: check
+CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
+	TODO: check
+CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
+	TODO: check
+CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
+	TODO: check
 CVE-2005-XXXX [webmin format string vulnerability]
 	- webmin <unfixed> (bug #341394; medium)
 	TODO: This sounds as if perl needed to be fixed as well,
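
Review bot: The new CVE-2005-3912 entry (format string vulnerability in miniserv.pl in Webmin) looks like the same issue as the existing placeholder `CVE-2005-XXXX [webmin format string vulnerability]` kept as context at the end of this hunk, so the issue is now tracked in two places. Suggest folding the placeholder's `- webmin <unfixed> (bug #341394; medium)` line and its TODO into CVE-2005-3912 and dropping the CVE-2005-XXXX entry. Separately, CVE-2006-0018 and CVE-2005-3898 are marked REJECTED yet still receive `TODO: check`; the updater could skip the TODO for rejected ids.
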
@@ -650,18 +838,18 @@
 	RESERVED
 CVE-2005-3706
 	RESERVED
-CVE-2005-3705
-	RESERVED
-CVE-2005-3704
-	RESERVED
+CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
+	TODO: check
+CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
+	TODO: check
 CVE-2005-3703
 	RESERVED
-CVE-2005-3702
-	RESERVED
-CVE-2005-3701
-	RESERVED
-CVE-2005-3700
-	RESERVED
+CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...)
+	TODO: check
+CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...)
+	TODO: check
+CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...)
+	TODO: check
 CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
 	NOT-FOR-US: Kaspersky AV
 CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky Anti-Virus ...)
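
Review bot: CVE-2005-3705, -3704, -3702, -3701 and -3700 move from RESERVED to `TODO: check`, and every one of the new descriptions names Mac OS X or OS X Server. Suggest triaging them in the same pass, the way the Kaspersky entries just below are tagged NOT-FOR-US, rather than leaving five open TODOs in this block.
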
@@ -852,7 +1040,7 @@
 	NOT-FOR-US: DB2
 CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
 	NOT-FOR-US: DB2
-CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0 binds ...)
+CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...)
 	NOT-FOR-US: Tivoli
 CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...)
 	NOT-FOR-US: VERITAS Cluster Server
@@ -1298,7 +1486,7 @@
 CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
 	- linux-2.6 <unfixed>
 	- kernel-source-2.4.27 <not-affected>
-CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before 2.6.15 ...)
+CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
 	- linux-2.6 <unfixed>
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-XXXX [Insecure temp file usage in migrationtools]
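
Review bot: The re-wrapped description for CVE-2005-3857 now cuts off before the version bound: the old line ended with `before 2.6.15 ...` and the new one ends at `before ...`, while the package line still reads `- linux-2.6 <unfixed>`. Suggest keeping the 2.6.15 bound somewhere in the entry so the upstream fixed version is not lost from the list.
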
@@ -2131,7 +2319,7 @@
 CVE-2005-3187
 	RESERVED
 CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
-	{DSA-911-1}
+	{DSA-913-1 DSA-911-1}
 	- gtk+2.0 2.6.10-2 (bug #339431; medium)
 	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
 CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
@@ -2737,10 +2925,10 @@
 	[sarge] - pam <not-affected> (Does not contain SELinux support)
 	[woody] - pam <not-affected> (Does not contain SELinux support)
 CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
-	{DSA-911-1}
+	{DSA-913-1 DSA-911-1}
 	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
 CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...)
-	{DSA-911-1}
+	{DSA-913-1 DSA-911-1}
 	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
 	- gtk+2.0 2.6.10-2 (bug #339431; low)
 CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
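
Review bot: `DSA-913-1` is added to CVE-2005-2976 and CVE-2005-2975 (and to CVE-2005-3186 in the previous hunk), but CVE-2005-2976 lists only `- gdk-pixbuf 0.22.0-11` while the other two also list `- gtk+2.0 2.6.10-2`. Since its description mentions GTK+ before 2.8.7, suggest confirming whether a gtk+2.0 line is missing there or the package is unaffected, and recording that explicitly.
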
@@ -3241,8 +3429,8 @@
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
 	NOT-FOR-US: Symantec Antivirus
-CVE-2005-2757
-	RESERVED
+CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...)
+	TODO: check
 CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit attackers to ...)
@@ -5937,10 +6125,10 @@
 	NOT-FOR-US: Windows
 CVE-2005-2125
 	RESERVED
-CVE-2005-2124
-	RESERVED
-CVE-2005-2123
-	RESERVED
+CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
+	TODO: check
+CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...)
+	TODO: check
 CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
 	NOT-FOR-US: Windows
 CVE-2005-2121
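
Review bot: CVE-2005-2124 and CVE-2005-2123 are left as `TODO: check` although both descriptions refer to the Graphics Rendering Engine (GDI32.DLL in the case of CVE-2005-2124) and the neighbouring CVE-2005-2122 is already tagged `NOT-FOR-US: Windows`. These two can take the same tag.
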
@@ -18950,7 +19138,6 @@
 CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
 	NOT-FOR-US: BEA WebLogic Server
 CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
-	{DSA-303}
 	TODO: not sure if this is fixed
 CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
 	NOT-FOR-US: McAfee ePolicy Orchestrator
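
Review bot: The `{DSA-303}` reference is dropped from CVE-2003-0150 with only "automatic update" as the log message, leaving the entry with nothing but `TODO: not sure if this is fixed`. Suggest stating why the cross-reference was removed, or resolving the TODO in the same change, so the entry does not lose its only pointer to a fix.
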



